Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Privacy
Backups Data Leak Google Google Maps Privacy

Google Deletes User Data by Mistake – Who’s Affected and What to Do

 



Google has recently confirmed that a technical problem caused the loss of user data from Google Maps Timeline, leaving some users unable to recover their saved location history. The issue has frustrated many, especially those who relied on Timeline to track their past movements.


What Happened to Google Maps Timeline Data?

For the past few weeks, many Google Maps users noticed that their Timeline data had suddenly disappeared. Some users, who had been saving their location history for years, reported that every single recorded trip was gone. Even after trying to reload or recover the data, nothing appeared.

Initially, Google remained silent about the issue, providing no confirmation or explanation. However, the company has now sent an email to affected users, explaining that a technical error caused the deletion of Timeline data for some people. Unfortunately, those who did not have an encrypted backup enabled will not be able to restore their lost records.


Can the Lost Data Be Recovered?

Google has advised users who have encrypted backups enabled to try restoring their Timeline data. To do this, users need to open the latest version of Google Maps, go to the Timeline section, and look for a cloud icon. By selecting the option to import backup data, there is a chance of retrieving lost history.

However, users without backups have no way to recover their data. Google did not provide a direct apology but acknowledged that the situation was frustrating for those who relied on Timeline to recall their past visits.


Why Does This Matter?

Many Google Maps users have expressed their disappointment, with some stating that years of stored memories have been lost. Some people use Timeline as a digital journal, tracking places they have visited over the years. The data loss serves as a reminder of how important it is to regularly back up personal data, as even large tech companies can experience unexpected issues that lead to data deletion.

Some users have raised concerns about Google’s reliability, wondering if this could happen to other services like Gmail or Google Photos in the future. Many also struggled to receive direct support from Google, making it difficult to get clear answers or solutions.


How to Protect Your Data in the Future

To avoid losing important data in cases like this, users should take the following steps:

Enable backups: If you use Google Maps Timeline, make sure encrypted backups are turned on to prevent complete data loss in the future.

Save data externally: Consider keeping important records in a separate cloud service or local storage.

Be aware of notifications: When Google sends alerts about changes to its services, take immediate action to protect your data.


While Google has assured users that they are working to prevent similar problems in the future, this incident highlights the importance of taking control of one’s own digital history. Users should not fully rely on tech companies to safeguard their personal data without additional protective measures.



Read more »
Technology
Cyberhackers Cybersecurity CyberThreat Gmail Google Google Drive Google Meet Technology

Gmail Upgrade Announced by Google with Three Billion Users Affected

 


The Google team has officially announced the launch of a major update to Gmail, which will enhance functionality, improve the user experience, and strengthen security. It is anticipated that this update to one of the world’s most commonly used email platforms will have a significant impact on both individuals as well as businesses, providing a more seamless, efficient, and secure way to manage digital communications for individuals and businesses alike.

The Gmail email service, which was founded in 2004 and has consistently revolutionized the email industry with its extensive storage, advanced features, and intuitive interface, has continuously revolutionized the email industry. In recent years, it has grown its capabilities by integrating with Google Drive, Google Chat, and Google Meet, thus strengthening its position within the larger Google Workspace ecosystem by extending its capabilities. 

The recent advancements from Google reflect the company’s commitment to innovation and leadership in the digital communication technology sector, particularly as the competitive pressures intensify in the email and productivity services sector. Privacy remains a crucial concern as the digital world continues to evolve. Google has stressed the company’s commitment to safeguarding user data, and is ensuring that user privacy remains of the utmost importance. 

In a statement released by the company, it was stated that the new tool could be managed through personalization settings, so users would be able to customize their experience according to their preferences, allowing them to tailor their experience accordingly. 

However, industry experts suggest that users check their settings carefully to ensure their data is handled in a manner that aligns with their privacy expectations, despite these assurances. Those who are seeking to gain a greater sense of control over their personal information may find it prudent to disable AI training features. In particular, this measured approach is indicative of broader discussions regarding the trade-off between advanced functionality and data privacy, especially as the competition from Microsoft and other major technology companies continues to gain ground. 

Increasingly, AI-powered services are analyzing user data and this has raised concerns about privacy and data security, which has led to a rise in privacy concerns. Chrome search histories, for example, offer highly personal insights into a person’s search patterns, as well as how those searches are phrased. As long as users grant permission to use historical data, the integration of AI will allow the company to utilize this historical data to create a better user experience.

It is also important to remember, however, that this technology is not simply a tool for executive assistants, but rather an extremely sophisticated platform that is operated by one of the largest digital marketing companies in the world. In the same vein, Microsoft's recent approach to integrating artificial intelligence with its services has created a controversy about user consent and data access, leading users to exercise caution and remain vigilant.

According to PC World, Copilot AI, the company's software for analyzing files stored on OneDrive, now has an automatic opt-in option. Users may not have been aware that this feature, introduced a few months ago, allowed them to consent to its use before the change. It has been assured that users will have full Although users have over their data they have AI-driven access to cloud-stored files, the transparency of such integrations is s being questioned as well as the extent of their data. There remain many concerns among businesses that are still being questioned. Businesses remain concerned aboutness, specifically about privacy issues.

The results of Global Data (cited by Verdict) indicate that more than 75% of organizations are concerned about these risks, contributing to a slowdown in the adoption of artificial intelligence. A study also indicates that 59% of organizations lack confidence in integrating artificial intelligence into their operations, with only 21% reporting an extensive or very extensive deployment of artificial intelligence. 

In the same way that individual users struggle to keep up with the rapid evolution of artificial intelligence technologies, businesses are often unaware of the security and privacy threats that these innovations pose. As a consequence, industry experts advise organizations to prioritize governance and control mechanisms before adopting AI-based solutions to maintain control over their data. CISOs (chief information security officers) might need to adopt a more cautious approach to mitigate potential risks, such as restricting AI adoption until comprehensive safeguards have been implemented. 

The introduction of AI-powered innovations is often presented as seamless and efficient tools, but they are supported by extensive frameworks for collecting and analyzing data. For these systems to work effectively, they must have well-defined policies in place that protect sensitive data from being exposed or misused. As AI adoption continues to grow, the importance of stringent regulation and corporate oversight will only increase. 

To improve the usability, security and efficiency of Gmail, as well as make it easier for both individuals and businesses, Google's latest update has been introduced to the Gmail platform. There are several features included in this update, including AI-driven features, improved interfaces, and improved search capabilities, which will streamline email management and strengthen security against cybersecurity threats. 

By integrating Google Workspace deeper, businesses will benefit from improved security measures that safeguard sensitive information while enabling teams to work more efficiently and effectively. This will allow businesses to collaborate more seamlessly while reducing cybersecurity risks. The improvements added by Google to Gmail allow it to be a critical tool within corporate environments, enhancing productivity, communication, and teamwork. With this update, Google confirms Gmail's reputation as a leading email and productivity tool. 

In addition to optimizing the user experience, integrating intelligent automation, strengthening security protocols, and expanding collaborative features, the platform maintains its position as a leading digital communication platform. During the rollout over the coming months, users can expect a more robust and secure email environment that keeps pace with the changing demands of today's digital interactions as the rollout progresses.
Read more »
Threat Intelligence
AI AI Tool Data Privacy Technology Threat Intelligence

AI and Privacy – Issues and Challenges

 

Artificial intelligence is changing cybersecurity and digital privacy. It promises better security but also raises concerns about ethical boundaries, data exploitation, and spying. From facial recognition software to predictive crime prevention, customers are left wondering where to draw the line between safety and overreach as AI-driven systems become more and more integrated into daily life.

The same artificial intelligence (AI) tools that aid in spotting online threats, optimising security procedures, and stopping fraud can also be used for intrusive data collecting, behavioural tracking, and mass spying. The use of AI-powered surveillance in corporate data mining, law enforcement profiling, and government tracking has drawn criticism in recent years. AI runs the potential of undermining rather than defending basic rights in the absence of clear regulations and transparency. 

AI and data ethics

Despite encouraging developments, there are numerous instances of AI-driven inventions going awry, which raise serious questions. A face recognition business called Clearview AI amassed one of the largest facial recognition databases in the world by illegally scraping billions of photos from social media. Clearview's technology was employed by governments and law enforcement organisations across the globe, leading to legal action and regulatory action about mass surveillance. 

The UK Department for Work and Pensions used an AI system to detect welfare fraud. An internal investigation suggested that the system disproportionately targeted people based on their age, handicap, marital status, and country. This prejudice resulted in certain groups being unfairly picked for fraud investigations, raising questions about discrimination and the ethical use of artificial intelligence in public services. Despite earlier guarantees of impartiality, the findings have fuelled calls for increased openness and supervision in government AI use. 

Regulations and consumer protection

The ethical use of AI is being regulated by governments worldwide, with a number of significant regulations having an immediate impact on consumers. The AI Act of the European Union, which is scheduled to go into force in 2025, divides AI applications into risk categories. 

Strict regulations will be applied to high-risk technology, like biometric surveillance and facial recognition, to guarantee transparency and moral deployment. The EU's commitment to responsible AI governance is further reinforced by the possibility of severe sanctions for non compliant companies. 

Individuals in the United States have more control over their personal data according to California's Consumer Privacy Act. Consumers have the right to know what information firms gather about them, to seek its erasure, and to opt out of data sales. This rule adds an important layer of privacy protection in an era where AI-powered data processing is becoming more common. 

The White House has recently introduced the AI Bill of Rights, a framework aimed at encouraging responsible AI practices. While not legally enforceable, it emphasises the need of privacy, transparency, and algorithmic fairness, pointing to a larger push for ethical AI development in policy making.
Read more »
North Korea
Cyber Intelligence Cyber Researchers Cyber Security Cyber Warfare cybersecurity research North Korea

North Korea Establishes Research Center 227 to Strengthen Cyber Warfare Capabilities

 

North Korea has reportedly launched a new cyber research unit, Research Center 227, as part of its efforts to enhance hacking capabilities and intelligence operations. According to Daily NK, this center is expected to function continuously, providing real-time support to North Korean intelligence agencies by developing advanced cyber tools. 

The initiative highlights North Korea’s increasing reliance on cyber warfare as a key component of its broader security strategy. In February 2025, North Korean leadership directed the Reconnaissance General Bureau (RGB) under the General Staff Department to strengthen the nation’s offensive cyber capabilities. As part of this directive, Research Center 227 was formed to focus on the development of sophisticated hacking techniques and cyber warfare tools. 

These efforts are primarily aimed at infiltrating foreign cybersecurity systems, disrupting critical infrastructure, and stealing sensitive data from targeted nations. The research facility will recruit approximately 90 highly skilled professionals, including graduates from top universities and individuals with advanced degrees in computer science. Unlike frontline cyber operatives who execute attacks, these researchers will focus on creating and refining malware, intrusion methods, and other offensive cyber tools. 

By centralizing its cyber research efforts, North Korea aims to develop more sophisticated digital weapons that can be deployed by operational hacking units in intelligence and espionage missions. North Korea has significantly expanded its cyber operations in recent years, with its state-sponsored hacking groups, such as Lazarus, launching large-scale attacks across the globe. These groups have been responsible for financial cybercrimes, espionage, and the theft of cryptocurrency, targeting both private companies and government agencies. 

Their activities have included spreading malware, infiltrating secure networks, and deploying information-stealing tools to compromise Western organizations. One particularly deceptive tactic used by North Korean hackers is the “Contagious Interview” campaign, in which cybercriminals pose as recruiters or hiring managers to manipulate professionals into downloading malicious software disguised as video conferencing applications. 

This technique has allowed hackers to gain access to corporate systems and steal valuable credentials. Additionally, there have been numerous cases of North Korean operatives using false identities to secure employment in global technology firms, potentially accessing critical software infrastructure or engaging in fraudulent activities. With the establishment of Research Center 227, North Korea is likely to intensify its cyber warfare operations, making its hacking activities more strategic and efficient. 

The development of custom malware, sophisticated intrusion techniques, and advanced cyber espionage methods could further increase the scale and complexity of North Korean cyberattacks. As these threats evolve, governments and cybersecurity professionals worldwide will need to bolster their defenses against the growing risks posed by North Korea’s cyber capabilities.
Read more »
Online Scams
Collectibles.com Customer Information Data Breach Online Scams

Massive Data Leak Exposes Nearly a Million Collectors – Are You at Risk?

 



A major online platform for collectible items, Collectibles.com, has accidentally exposed the private information of nearly a million users. This security flaw could put many people at risk of identity theft, fraud, and online scams, according to cybersecurity experts.  


How the Data Was Leaked  

Cybersecurity researchers from Cybernews discovered that the website had an unprotected database, meaning anyone could access it without a password. This database contained 300GB of data and over 870,000 records, each linked to a different user. The leaked information included full names, email addresses, profile pictures, account details, records of collectible card sales, and other transaction history.  

Experts warn that such leaks can be dangerous because cybercriminals might use this data for fraudulent activities, such as identity theft or phishing scams. Phishing is when scammers send fake emails or messages pretending to be from a trusted company to trick users into revealing passwords or financial information.  


What Is Collectibles.com?  

Previously known as Cardbase, Collectibles.com is an online marketplace where users can buy, sell, and track trading cards, comics, and memorabilia. In 2024, the company announced it had around 300,000 users. However, this data leak suggests the number of affected users might be much higher.  


Company’s Response and Security Concerns  

Cybernews contacted Collectibles.com to inform them about the security issue. However, aside from an automated response, the company did not take immediate action. It took ten days for the exposed database to be secured, but it remains unclear how long the data was accessible before it was discovered.  

There is also uncertainty about whether hackers accessed the information before Cybernews reported it. If cybercriminals obtained this data, they could already be using it for scams or fraud.  


Why Do These Leaks Happen?  

One of the main reasons for data leaks is unsecured cloud databases. Many companies store customer information online but do not always follow proper security practices. Some businesses assume that cloud providers are fully responsible for security, but in reality, companies must also take steps to protect their data.  

Cybercriminals and researchers alike use tools to search the internet for unprotected databases. Once found, these databases can be exploited in different ways, from selling private information to launching scams.  


How Users Can Protect Themselves  

If you have an account on Collectibles.com, consider taking the following steps:  

1. Change your password immediately to ensure your account remains secure.  

2. Enable two-factor authentication (2FA) to add an extra layer of protection.  

3. Be cautious of phishing emails that may try to trick you into revealing personal details.  

4. Monitor your accounts for suspicious activity and report anything unusual.  

Cybersecurity experts emphasize that companies must take data security seriously to prevent such leaks. At the same time, users should remain cautious and take steps to protect their personal information online.  


Read more »
User Security
Cyber Fraud Frankenstein fraud Identity Theft Online Safety Synthetic Identity Fraud User Security

Frankenstein Scam: Here's How to Safeguard Yourself Against Synthetic Identity Fraud

 

Identity theft is not always as straightforward as acquiring one person's information; stolen identities can be put together from several sources. This rising crime, known as synthetic identity fraud or "Frankenstein fraud," involves combining someone's Social Security number with information from other people to establish a new, fake identity.

To safeguard yourself from this and other types of identity theft, look into the finest identity theft protection services. Criminals frequently target the most vulnerable people, including children, the homeless, and the elderly. The offender can then use his new name to borrow money. If a fraudster succeeds, the real owner of the SSN may be held liable.

Modus operandi

Synthetic identity fraud requires patience on the part of the criminal, especially if they use a child's Social Security number. The identity is created by combining a valid Social Security number with an unrelated name, address, date of birth, phone number, or other piece of identifying information to make a new "whole" identity. Criminals can buy Social Security numbers on the dark web, acquire them from data breaches, or defraud people using phishing attacks and other frauds. 

Synthetic identity theft thrives because of a basic vulnerability in the American financial and credit systems. When a criminal creates a synthetic identity to request for a loan, the lender often denies credit because there is no record of that identity in their system. The thieves anticipate this because youngsters and teenagers may have little credit or a limited history, and the elderly may have poor credit scores. 

When an identity applies for an account and is reported to a credit bureau, it is shared with other credit agencies. That conduct is sufficient to allow credit bureaus to identify the synthetic identity as a real person, even if there is minimal activity or evidence to corroborate its authenticity. Once the identity has been established, the fraudsters can begin borrowing credit from lenders.

Prevention tips

Synthetic identity fraud may seem frightening, but there are actions you can take to limit how thieves can utilise your identifying data. 

Freeze your credit report: No one can open new credit lines in your name since a credit freeze stops creditors from viewing your credit reports. Unless your credit is first unfrozen with each of the major credit agencies, this also applies to you. 

Although the procedure for freezing a child's credit is a little more complicated, freezing their credit is also one of the greatest ways to cut off the source of synthetic identity fraud, which mostly depends on obtaining the Social Security numbers of children and the elderly. In a similar vein, you may help stop someone from using your Social Security number without your knowledge by freezing it.

Check credit reports regularly: If you do not freeze your credit reports, make sure to check them on a regular basis for any questionable activity. Be especially aware of any other names, residences, or employers associated with your credit file. You can also join up for free credit monitoring, such as Capital One's CreditWise, which searches the dark web for your personally identifiable information. 

Additionally, you can utilise an identity theft protection service to automate reviewing your credit reports or to alert you if your information is compromised in a breach. AnnualCreditReport.com also offers a free weekly credit report.
Read more »
Security Flaws
Cyber Security Extension Malware Detection Malwares Marketplace Microsoft Microsoft security Ransomwares Security Flaws

Ransomware Found in VSCode Extensions Raises Concerns Over Microsoft’s Security Review

 

Cybersecurity experts have discovered ransomware hidden within two Visual Studio Code (VSCode) Marketplace extensions, raising concerns about Microsoft’s ability to detect malicious software in its platform. The compromised extensions, named “ahban.shiba” and “ahban.cychelloworld,” were downloaded by users before security researchers flagged them and they were subsequently removed. 

Despite Microsoft’s security measures, the extensions remained publicly accessible for a significant period, highlighting potential gaps in the company’s review process. The “ahban.cychelloworld” extension was first uploaded on October 27, 2024, followed by “ahban.shiba” on February 17, 2025. The VSCode Marketplace, designed to provide developers with additional tools for Microsoft’s popular coding platform, has come under scrutiny for failing to identify these threats. 

Researchers at ReversingLabs determined that both extensions included a PowerShell script that connected to a remote Amazon Web Services (AWS) server to download further malicious code. This secondary payload functioned as ransomware, though evidence suggests it was still in a testing phase. 

Unlike traditional ransomware that encrypts entire systems, this malware specifically targeted files stored in C:\users%username%\Desktop\testShiba.  Once the encryption was complete, victims received a Windows notification stating: “Your files have been encrypted. Pay 1 ShibaCoin to ShibaWallet to recover them.” However, no further instructions or payment details were provided, suggesting the malware was not yet fully developed.  

Although Microsoft eventually removed the extensions, security researcher Italy Kruk from ExtensionTotal disclosed that their automated detection system had identified the malicious code much earlier. Kruk stated that they had alerted Microsoft about the issue but received no response. Further analysis revealed that the initial version of “ahban.cychelloworld” was clean, but the ransomware was introduced in version 0.0.2, which was released on November 24, 2024. ExtensionTotal flagged this version to Microsoft on November 25, yet the extension remained available for months. 

During this time, five more versions were uploaded, all containing the same ransomware. This case has intensified concerns about Microsoft’s ability to monitor third-party extensions effectively. The security lapse within the VSCode Marketplace highlights the risk developers face when downloading extensions, even from official sources. Microsoft has previously faced criticism for both slow responses to security threats and for mistakenly removing non-malicious extensions. 

A notable example involved two popular VSCode themes, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ which were taken down due to suspected obfuscated JavaScript. However, after further review, Microsoft determined the extensions were safe, reinstated them, and apologized, promising improvements to its security screening process. The presence of ransomware in widely used developer tools underscores the need for stronger security measures. Developers must stay cautious, regularly update security protocols, and carefully evaluate third-party extensions before installing them, even when they come from official platforms like the VSCode Marketplace.
Read more »
malware
Advanced Technology AI CyberCrime Cybersecurity CyberThreat malware

Attackers Exploit Click Tolerance to Deliver Malware to Users


 

The Multi-Factor Authentication (MFA) system has been a crucial component of modern cybersecurity for several years now. It is intended to enhance security by requiring additional forms of verification in addition to traditional passwords. MFA strengthens access control by integrating two or more authentication factors, which reduces the risk of credential-based attacks on the network. 

Generally, authentication factors are divided into three categories: knowledge-based factors, such as passwords or personal identification numbers (PINs); possession-based factors, such as hardware tokens sent to registered devices or one-time passcodes sent to registered devices; as well as inherent factors, such as fingerprints, facial recognition, or iris scans, which are biometric identifiers used to verify identity. Although Multi-factor authentication significantly reduces the probability that an unauthorized user will gain access to the computer, it is not entirely foolproof.

Cybercriminals continue to devise sophisticated methods to bypass authentication protocols, such as exploiting implementation gaps, exploiting technical vulnerabilities, or influencing human behaviour. With the evolution of threats, organizations need proactive security strategies to strengthen their multifactor authentication defences, making sure they remain resilient against new attack vectors. 

Researchers have recently found that cybercriminals are exploiting users' familiarity with verification procedures to deceive them into unknowingly installing malicious software on their computers. The HP Wolf Security report indicates that multiple threat campaigns have been identified in which attackers have taken advantage of the growing number of authentication challenges that users face to verify their identities, as a result of increasing the number of authentication challenges. 

The report discusses an emerging tactic known as "click tolerance" that highlights how using authentication protocols often has conditioned users to follow verification steps without thinking. Because of this, individuals are more likely to be deceptively prompted, which mimic legitimate security measures, as a result. 

Using this behavioural pattern, attackers deployed fraudulent CAPTCHAs that directed victims to malicious websites and manipulated them into accepting counterfeit authentication procedures designed to trick users into unwittingly granting them access or downloading harmful payloads. As a result of these fraudulent CAPTCHAs, attackers were able to leverage this pattern. 

For cybersecurity awareness to be effective and for security measures to be more sophisticatedtoo counter such deceptive attack strategies, heightened awareness and more sophisticated security measures are needed. A similar strategy was used in the past to steal one-time passcodes (OTPs) through the use of multi-factor authentication fatigue. The new campaign illustrates how security measures can unintentionally foster complacency in users, which is easily exploited by attackers. 

Pratt, a cybersecurity expert, states that the attack is designed to take advantage of the habitual engagement of users with authentication processes to exploit them. People are increasingly having difficulty distinguishing between legitimate security procedures and malicious attempts to deceive them, as they become accustomed to completing repetitive, often tedious verification steps. "The majority of users have become accustomed to receiving authentication prompts, which require them to complete a variety of steps to access their account. 

To verify access or to log in, many people follow these instructions without thinking about it. According to Pratt, cybercriminals are now exploiting this behaviour pattern by using fake CAPTCHAs to manipulate users into unwittingly compromising their security as a result of this behavioural pattern." As he further explained, this trend indicates a significant gap in employee cybersecurity training. Despite the widespread implementation of phishing awareness programs, many fail to adequately address what should be done once a user has fallen victim to an initial deception in the attack chain. 

To reduce the risks associated with these evolving threats, it is vital to focus training initiatives on post-compromise response strategies. When it comes to dealing with cyber threats in the age of artificial intelligence, organizations should adopt a proactive, comprehensive security strategy that will ensure that the entire digital ecosystem is protected from evolving threats. By deploying generative artificial intelligence as a force multiplier, threat detection, prevention, and response capability will be significantly enhanced. 

For cybersecurity resilience to be strengthened, the following key measures must be taken preparation, prevention, and defense. Security should begin with a comprehensive approach, utilizing Zero Trust principles to secure digital assets throughout their lifecycle, from devices to identities to infrastructure to data, cloud environments, networks, and artificial intelligence systems to secure digital assets. Taking such measures also entails safeguarding devices, identities, infrastructures, data, and networks.

To ensure robust identity verification, it is essential to use AI-powered analytics to monitor user and system behaviour to identify potential security breaches in real-time, and to identify potential security threats. To implement explicit authentication, AI-driven biometric authentication methods need to be paired with phishing-resistant protocols like Fast Identity Online (FIDO) and Multifactor Authentication (MFA) which can protect against phishing attacks. 

It has been shown that passwordless authentication increases security, and continuous identity infrastructure management – including permission oversight and removing obsolete applications – reduces vulnerability. In order to accelerate mitigation efforts, we need to implement generative artificial intelligence with Extended Detection and Response (XDR) solutions. These technologies can assist in identifying, investigating, and responding to security incidents quickly and efficiently. 

It is also critical to integrate exposure management tools with organizations' security posture to help them prevent breaches before they occur. Protecting data remains the top priority, which requires the use of enhanced security and insider risk management. Using AI-driven classification and protection mechanisms will allow sensitive data to be automatically secured across all environments, regardless of their location. It is also essential for organizations to take advantage of insider risk management tools that can identify anomalous user activities as well as data misuse, enabling timely intervention and risk mitigation. 

Organizations need to ensure robust AI security and governance frameworks are in place before implementing AI. It is imperative to conduct regular red teaming exercises to identify vulnerabilities in the system before they can be exploited by real-world attackers. An understanding of artificial intelligence applications within the organization is crucial to ensuring that AI technologies are deployed in accordance with security, privacy, and ethical standards. To maintain system integrity, updates of both software and firmware must be performed consistently. 

Automating patch management can prevent attackers from exploiting known security gaps by remediating vulnerabilities promptly. To maintain good digital hygiene, it is important not to overlook these practices. Keeping browsing data, such as users' history, cookies, and cached site information, clean reduces their exposure to online threats. Users should also avoid entering sensitive personal information on insecure websites, which is also critical to preventing online threats. Keeping digital environments secure requires proactive monitoring and threat filtering. 

The organization should ensure that advanced phishing and spam filters are implemented and that mobile devices are configured in a way that blocks malicious content on them. To enhance collective defences, the industry needs to collaborate to make these defences more effective. Microsoft Sentinel is a platform powered by artificial intelligence, which allows organizations to share threat intelligence, thus creating a unified approach to cybersecurity, which will allow organizations to be on top of emerging threats, and it is only through continuous awareness and development of skills that a strong cybersecurity culture can be achieved.

Employees must receive regular training on how to protect their assets as well as assets belonging to the organization. With an AI-enabled learning platform, employees can be upskilled and retrained to ensure they remain prepared for the ever-evolving cybersecurity landscape, through upskilling and reskilling.
Read more »
zero-click
Data Breach Hackers paragon Spyware WhatsApp zero-click

WhatsApp Fixes Security Flaw Exploited by Spyware

 



WhatsApp recently fixed a major security loophole that was being used to install spyware on users' devices. The issue, known as a zero-click, zero-day vulnerability, allowed hackers to access phones without the user needing to click on anything. Security experts from the University of Toronto’s Citizen Lab uncovered this attack and linked it to Paragon’s spyware, called Graphite.  

The flaw was patched by WhatsApp in late 2023 without requiring users to update their app. The company also chose not to assign a CVE-ID to the vulnerability, as it did not meet specific reporting criteria.  

A WhatsApp spokesperson confirmed that hackers used the flaw to target certain individuals, including journalists and activists. WhatsApp directly reached out to around 90 affected users across multiple countries.  


How the Attack Worked  

Hackers used WhatsApp groups to launch their attacks. They added their targets to a group and sent a malicious PDF file. As soon as the file reached the victim’s phone, the device automatically processed it. This triggered the exploit, allowing the spyware to install itself without any user action.  

Once installed, the spyware could access sensitive data and private messages. It could also move beyond WhatsApp and infect other apps by bypassing Android’s security barriers. This gave attackers complete control over the victim’s device.  


Who Was Targeted?  

According to Citizen Lab, the attack mostly focused on individuals who challenge governments or advocate for human rights. Journalists, activists, and government critics were among the key targets. However, since only 90 people were officially notified by WhatsApp, experts believe the actual number of victims could be much higher.  

Researchers found a way to detect the spyware by analyzing Android device logs. They identified a forensic marker, nicknamed "BIGPRETZEL," that appears on infected devices. However, spotting the spyware is still difficult because Android logs do not always capture all traces of an attack.  


Spyware Linked to Government Agencies  

Citizen Lab also investigated the infrastructure used to operate the spyware. Their research uncovered multiple servers connected to Paragon’s spyware, some of which were linked to government agencies in countries like Australia, Canada, Cyprus, Denmark, Israel, and Singapore. Many of these servers were rented through cloud platforms or hosted directly by government agencies.  

Further investigation revealed that the spyware's digital certificates contained the name “Graphite” and references to installation servers. This raised concerns about whether Paragon's spyware operates similarly to Pegasus, another surveillance tool known for being used by governments to monitor individuals.  


Who Is Behind Paragon Spyware?  

Paragon Solutions Ltd., the company behind Graphite spyware, is based in Israel. It was founded in 2019 by Ehud Barak, Israel’s former Prime Minister, and Ehud Schneorson, a former commander of Unit 8200, an elite Israeli intelligence unit.  

Paragon claims that it only sells its technology to democratic governments for use by law enforcement agencies. However, reports have shown that U.S. agencies, including the Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE), have purchased and used its spyware.  

In December 2024, a U.S.-based investment firm, AE Industrial Partners, bought Paragon, further raising questions about its future operations and how its surveillance tools may be used.  


Protecting Yourself from Spyware  

While WhatsApp has fixed this specific security flaw, spyware threats continue to evolve. Users can take the following steps to protect themselves:  

1. Update Your Apps: Always keep your apps updated, as companies frequently release security patches.  

2. Be Cautious of Unknown Files: Never open suspicious PDFs, links, or attachments from unknown sources.  

3. Enable Two-Factor Authentication: Adding an extra layer of security to your accounts makes it harder for hackers to break in.  

4. Check Your Device Logs: If you suspect spyware, seek professional help to analyze your phone’s activity.  

Spyware attacks are becoming more advanced, and staying informed is key to protecting your privacy. WhatsApp’s quick response to this attack highlights the ongoing battle against cyber threats and the need for stronger security measures.  


Read more »
Ransomwares
Backdoor Backdoor Attacks Critical Infrastructure Cyber Attacks RansomHub ransomware ransomware attacks Ransomwares

Betruger Backdoor Linked to RansomHub Ransomware Attacks on Critical Infrastructure

 

A newly discovered backdoor malware, dubbed Betruger, has been identified in multiple recent ransomware attacks. Researchers at Symantec believe at least one affiliate of the RansomHub ransomware-as-a-service (RaaS) operation is using this sophisticated tool to facilitate cyber intrusions. 

Unlike many conventional malware strains, Betruger functions as a multi-purpose backdoor designed to prepare networks for ransomware deployment while minimizing the need for additional malicious software. Betruger comes equipped with several advanced features commonly associated with pre-ransomware attack stages. These include keylogging, network scanning, privilege escalation, credential theft, screenshot capture, and the ability to upload files to a command-and-control (C2) server. 

Its design suggests that attackers are looking to streamline their intrusion process, reducing reliance on multiple external tools and instead using a single, custom-built malware to execute various attack functions. This approach is relatively rare, as ransomware operators typically rely on widely available tools such as Mimikatz and Cobalt Strike to conduct their attacks. To avoid detection, cybercriminals are disguising Betruger under the filenames ‘mailer.exe’ and ‘turbomailer.exe,’ making it appear like a legitimate email-related application. 

While other ransomware groups have developed proprietary tools for data exfiltration, such as BlackMatter’s Exmatter and BlackByte’s Exbyte, Betruger appears to have a broader range of capabilities beyond just stealing data. The emergence of Betruger coincides with ongoing attacks by RansomHub, a ransomware operation that has been active since February 2024. Previously known as Cyclops and Knight, RansomHub has gained a reputation for focusing on extortion through data theft rather than encrypting victim files. 

Over the past year, the group has targeted several major organizations, including Halliburton, Christie’s, Frontier Communications, Rite Aid, and Kawasaki’s EU division. It was also responsible for leaking Change Healthcare’s stolen data after the BlackCat/ALPHV group’s $22 million exit scam. More recently, RansomHub claimed responsibility for breaching BayMark Health Services, a leading addiction treatment provider in North America. 

The company operates over 400 treatment centers across the U.S. and Canada, serving approximately 75,000 patients daily. The FBI has linked RansomHub affiliates to more than 200 ransomware attacks affecting various critical infrastructure sectors in the U.S., including government agencies, healthcare institutions, and other essential services. With the deployment of Betruger, the group’s operations appear to be evolving, indicating a continued threat to businesses and organizations worldwide.
Read more »
Oracle Cloud
Data Breach Data Leak Data Theft Login Servers Oracle Cloud

Oracle Denies Claim of Server Breach

 

Following a threat actor's claim to be selling 6 million data records allegedly stolen from Oracle Cloud's federated SSO login servers, Oracle denies that it was compromised. 

“There has been no breach of Oracle Cloud. The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data," the company noted. 

This accusation follows the release of many text files yesterday by a threat actor going by the moniker rose87168, which included a sample database, LDAP details, and a list of the businesses they said were pilfered from Oracle Clouds' SSO platform.

The threat actor provided BleepingComputer with this URL as additional evidence that they were able to access Oracle Cloud servers. It displays an Internet Archive URL indicating that they submitted a.txt file to the login.us2.oraclecloud.com server that contained their ProtonMail email address.

The attackers uploaded a text file with their email address without having access to Oracle Cloud servers, as BleepingComputer explained when they got in touch with Oracle once more. 

Alleged Oracle data leak 

Rose87168 is currently offering the allegedly stolen data from Oracle Cloud's SSO service for an undisclosed fee or in exchange for zero-day exploits on the BreachForums hacking community. The information, which included enterprise manager JPS keys, Java Keystore (JKS) files, and encrypted SSO passwords, was allegedly stolen during an intrusion into Oracle servers based in 'login.(region-name).oraclecloud.com'.

"The SSO passwords are encrypted, they can be decrypted with the available files. also LDAP hashed password can be cracked," rose87168 says. "I'll list the domains of all the companies in this leak. Companies can pay a specific amount to remove their employees' information from the list before it's sold.” 

They've also promised to share part of the data with anyone who can help decrypt the SSO or LDAP credentials. The threat actor told BleepingComputer that they acquired access to Oracle Cloud servers about 40 days ago and claimed to have emailed the firm after exfiltrating data from the US2 and EM2 regions.

In the email conversation, rose87168 said that they asked Oracle to pay 100,000 XMR for information on how they infiltrated the systems, but the company allegedly refused to pay after requesting for "all information needed for fix and patch.” 

When questioned how they breached the servers, the attackers stated that all Oracle Cloud servers are running a vulnerable version with a public CVE (flaw) that does not yet have a public PoC or exploit. However, BleepingComputer was unable to independently verify whether this was the case.
Read more »
Jira server breach
Ascom cyberattack Cyber Attacks Cybersecurity Threats HellCat hackers Jira server breach

Ascom Confirms Cyberattack as HellCat Hackers Exploit Jira Servers

 

Swiss telecommunications company Ascom has disclosed a cyberattack on its IT infrastructure, confirming that the hacker group HellCat exploited compromised credentials to target Jira servers worldwide.

In an official statement, Ascom revealed that its technical ticketing system was breached on Sunday. The company has since launched an investigation to assess the impact of the attack.

With a presence in 18 countries, Ascom specializes in wireless on-site communication solutions. The HellCat hacking group has taken responsibility for the breach and informed BleepingComputer that it has stolen approximately 44GB of data, potentially affecting all divisions of the company.

Ascom assured that despite the intrusion into its technical ticketing system, the attack has not disrupted business operations. The company emphasized that its customers and partners do not need to take any precautionary measures.

“Investigations against such criminal offenses were initiated immediately and are ongoing. Ascom is working closely with the relevant authorities.” – Ascom

Rey, a representative of the HellCat hacking group, claimed that the stolen data includes source codes for multiple products, project details, invoices, confidential documents, and issue logs from Ascom’s ticketing system.

While Ascom has not shared technical specifics about the breach, HellCat has a track record of exploiting Jira ticketing systems, which are commonly used by software development and IT teams. These platforms often store critical data such as source code, authentication keys, IT roadmaps, customer information, and internal project discussions.

HellCat’s Widespread Jira Exploits

HellCat has previously been linked to cyberattacks on major corporations, including Schneider Electric, Telefónica, and Orange Group, all of which suffered breaches through their Jira servers.

Recently, the group also claimed responsibility for hacking British automaker Jaguar Land Rover (JLR), leaking around 700 internal documents. According to the hackers, the stolen data includes development logs, tracking information, source codes, and sensitive employee records.

“At the heart of this latest incident lies a technique that has become HELLCAT’s signature: exploiting Jira credentials harvested from compromised employees that were infected by Infostealers.” – Alon Gal, Co-founder and CTO, Hudson Rock

Gal noted that the JLR breach occurred through credentials belonging to an LG Electronics employee with third-party access to JLR’s Jira server. He further pointed out that these compromised credentials had been exposed for years but remained valid, enabling the hackers to infiltrate the system.

HellCat’s cyber activity has continued, with the group announcing another breach—this time targeting Affinitiv, a marketing and data analytics company serving OEMs and dealerships in the automotive sector. The hackers claim to have accessed Affinitiv’s Jira system, stealing a database containing over 470,000 unique email addresses and more than 780,000 records.

Affinitiv has acknowledged the reported attack and confirmed that an investigation is underway.

To validate their claims, the hackers have published screenshots revealing names, email addresses, postal addresses, and dealership details.

Cybersecurity experts warn that Jira has become a prime target for attackers due to its role in enterprise workflows and the vast amount of sensitive data it contains. Gaining unauthorized access can allow threat actors to move laterally, escalate privileges, and exfiltrate critical information.

Given the ease of acquiring credentials compromised by infostealers and the fact that many remain unchanged for extended periods, experts caution that such attacks may become increasingly common.


Read more »
Vulnerabilities
Artificial Intelligence ChatGPT cybercriminals Cybersecurity Ransomware Vulnerabilities

Cybercriminals Exploit Psychological Vulnerabilities in Ransomware Campaigns

 


During the decade of 2025, the cybersecurity landscape has drastically changed, with ransomware from a once isolated incident to a full-sized global crisis. No longer confined to isolated incidents, these attacks are now posing a tremendous threat to economies, governments, and public services across the globe. There is a wide range of organizations across all sectors that find themselves exposed to increasingly sophisticated cyber threats, ranging from multinational corporations to hospitals to schools. It is reported in Cohesity’s Global Cyber Resilience Report that 69% of organizations have paid ransom demands to their suppliers in the past year, which indicates just how much pressure businesses have to deal with when such attacks happen. 

The staggering number of cybercrime cases highlights the need for stronger cybersecurity measures, proactive threat mitigation strategies and a heightened focus on digital resilience. With cybercriminals continuously improving their tactics, organizations need to develop innovative security frameworks, increase their threat intelligence capabilities, and foster a culture of cyber vigilance to be able to combat this growing threat. The cybersecurity landscape in 2025 has changed significantly, as ransomware has evolved into a global crisis of unprecedented proportions. 

The threat of these attacks is not just limited to isolated incidents but has become a significant threat to governments, industries, and essential public services. Across the board, companies of all sizes are increasingly vulnerable to cyber threats, from multinational corporations to hospitals and schools. In the last year, Cohesity released its Global Cyber Resilience Report, which revealed that 69% of organizations paid ransom demands, indicating the immense pressure that businesses face in the wake of such threats. 

This staggering figure underscores how urgent it is that we take more aggressive cybersecurity measures, develop proactive threat mitigation strategies, and increase our emphasis on digital resilience to prevent cyberattacks from taking place. Organizations must embrace new security frameworks, strengthen threat intelligence capabilities, and cultivate a culture of cyber vigilance to combat this growing threat as cybercriminals continue to refine their tactics. A persistent cybersecurity threat for decades, ransomware remains one of the biggest threats today. 

However, the first global ransom payment exceeded $1 billion in 2023, marking a milestone that hasn't been achieved in many years. Cyber extortion increased dramatically at this time, as cyber attackers constantly refined their tactics to maximize the financial gains that they could garner from their victims. The trend of cybercriminals developing increasingly sophisticated methods and exploiting vulnerabilities, as well as forcing organizations into compliance, has been on the rise for several years. However, recent data indicates a significant shift in this direction. It is believed that in 2024, ransomware payments will decrease by a substantial 35%, mainly due to successful law enforcement operations and the improvement of cyber hygiene globally.

As a result of enhanced security measures, increased awareness, and a stronger collective resistance, victims of ransom attacks have become increasingly confident they can refuse ransom demands. However, cybercriminals are quick to adapt, altering their strategies quickly to counteract these evolving defences to stay on top of the game. A response from them has been to increase their negotiation tactics, negotiating more quickly with victims, while simultaneously developing stealthier and more evasive ransomware strains to be more stealthy and evasive. 

Organizations are striving to strengthen their resilience, but the ongoing battle between cybersecurity professionals and cybercriminals continues to shape the future of digital security. There has been a new era in ransomware attacks, characterized by cybercriminals leveraging artificial intelligence in increasingly sophisticated manners to carry out these attacks. Using freely available AI-powered chatbots, malicious code is being generated, convincing phishing emails are being sent, and even deepfake videos are being created to entice individuals to divulge sensitive information or transfer funds by manipulating them into divulging sensitive information. 

By making the barriers to entry much lower for cyber-attacking, even the least experienced threat actors are more likely to be able to launch highly effective cyber-attacks. Nevertheless, artificial intelligence is not being used only by attackers to commit crimes. There have been several cases where victims have attempted to craft the perfect response to a ransom negotiation using artificial intelligence-driven tools like ChatGPT, according to Sygnia's ransomware negotiation teams. 

The limitations of AI become evident in high-stakes interactions with cybercriminals, even though they can be useful in many areas. According to Cristal, Sygnia’s CEO, artificial intelligence lacks the emotional intelligence and nuance needed to successfully navigate these sensitive conversations. It has been observed that sometimes artificial intelligence-generated responses may unintentionally escalate a dispute by violating critical negotiation principles, such as not using negative language or refusing to pay outright.

It is clear from this that human expertise is crucial when it comes to managing cyber extortion scenarios, where psychological insight and strategic communication play a vital role in reducing the potential for damage. Earlier this year, the United Kingdom proposed banning ransomware payments, a move aimed at deterring cybercriminals by making critical industries less appealing targets for cybercriminals. This proposed legislation would affect all public sector agencies, schools, local councils, and data centres, as well as critical national infrastructure. 

By reducing the financial incentive for attackers, officials hope to decrease both the frequency and severity of ransomware incidents across the country to curb the number of ransomware incidents. However, the problem extends beyond the UK. In addition to the sanctions issued by the Office of Foreign Assets Control, several ransomware groups that have links to Russia and North Korea have already been sanctioned. This has made it illegal for American businesses and individuals to pay ransoms to these organizations. 

Even though ransomware is restricted in this manner, experts warn that outright bans are not a simple or universal solution to the problem. As cybersecurity specialists Segal and Cristal point out, such bans remain uncertain in their effectiveness, since it has been shown that attacks fluctuate in response to policy changes, according to the experts. Even though some cybercriminals may be deterred by such policies, other cybercriminals may escalate their tactics, reverting to more aggressive threats or increasing their personal extortion tactics. 

The Sygnia negotiation team continues to support the notion that ransom payments should be banned within government sectors because some ransomware groups are driven by geopolitical agendas, and these goals will be unaffected by payment restrictions. Even so, the Sygnia negotiation team believes that government institutions should not be able to make ransom payments because they are better able to handle financial losses than private companies. 

Governments can afford a strong stance against paying ransoms, as Segal pointed out, however for businesses, especially small and micro-sized businesses, the consequences can be devastating if they fail to do so. It was noted in its policy proposal that the Home Office acknowledges this disparity, noting that smaller companies, often lacking ransomware insurance or access to recovery services, can have difficulty recovering from operational disruptions and reputational damage when they suffer from ransomware attacks. 

Some companies could find it more difficult to resolve ransomware demands if they experience a prolonged cyberattack. This might lead to them opting for alternative, less transparent methods of doing so. This can include covert payment of ransoms through third parties or cryptocurrencies, allowing hackers to receive money anonymously and avoid legal consequences. The risks associated with such actions, however, are considerable. If they are discovered, businesses can be subjected to government fines on top of the ransom, which can further worsen their financial situation. 

Additionally, full compliance with the ban requires reporting incidents to authorities, which can pose a significant administrative burden to small businesses, especially those that are less accustomed to dealing with technology. Businesses are facing many challenges in the wake of a ransomware ban, which is why experts believe a comprehensive approach is needed to support them in the aftermath of this ban.

Sygnia's Senior Vice President of Global Cyber Services, Amir Becker, stressed the importance of implementing strategic measures to mitigate the unintended consequences of any ransom payment ban. It has been suggested that exemptions for critical infrastructure and the healthcare industries should be granted, since refusing to pay a ransom may lead to dire consequences, such as loss of life. Further, the government should offer incentives for organizations to strengthen their cybersecurity frameworks and response strategies by creating incentives like these.

A comprehensive financial and technical assistance program would be required to assist affected businesses in recovering without resorting to ransom payments. To address the growing ransomware threat effectively without disproportionately damaging small businesses and the broader economy, governments must adopt a balanced approach that entails enforcing stricter regulations while at the same time providing businesses with the resources they need to withstand cyberattacks.
Read more »
vite
Cyber Attacks Hackers Mallicious URLs vite

Security Warning: New Vite Vulnerability Exposes Private Files

 



A serious security issue has been discovered in Vite, a widely used tool for building web applications. This flaw, identified as CVE-2025-30208, allows attackers to access restricted files on a server. If exploited, it could lead to leaks of sensitive data and potential security risks.  


How the Vulnerability Works  

Vite’s development server is designed to block access to certain files, ensuring that only permitted content is available. However, researchers have found a way to bypass these restrictions using specific URL parameters. By adding "?raw??"or "?import&raw??" to a web address, hackers can trick the system into providing access to protected files.  


Who Is at Risk?  

This issue only affects developers who have made their Vite development server accessible over the internet. Normally, this server is used for local testing, but some developers configure it to be available outside their network using options like “–host” or “server.host.” If a server is open in this way, attackers can use the vulnerability to retrieve private information.  


How Hackers Can Exploit This Flaw  

The problem occurs because Vite handles web addresses incorrectly. In some parts of the system, special characters like “?” are removed, while other parts fail to detect these changes. This inconsistency allows hackers to bypass security restrictions and gain access to files they should not be able to see.  

A Proof-of-Concept (PoC) exploit has already been released, showing how attackers can use this flaw to steal sensitive data. For example, one attack method attempts to read the “.bash_history” file, which can contain records of past commands, stored passwords, and other important details.  


Affected Versions  

This security weakness is present in several versions of Vite, including:  

• 6.2.0 to 6.2.2  

• 6.1.0 to 6.1.1  

• 6.0.0 to 6.0.11  

• 5.0.0 to 5.4.14  

• All versions before 4.5.9  


How to Stay Safe  

To protect against this threat, developers using affected versions of Vite should update immediately to a secure version. The patched versions are:  

• 6.2.3 and newer 

• 6.1.2 and newer  

• 6.0.12 and newer  

• 5.4.15 and newer 

• 4.5.10 and newer  

Additionally, it is best to avoid exposing Vite’s development server to the internet unless absolutely necessary. Keeping development environments private reduces the risk of attacks and protects sensitive data.  

This vulnerability is a reminder that keeping software up to date is essential for security. Developers should act quickly to install the latest patches and ensure their applications remain protected from cyber threats.

Read more »
User Security
Bank Scam Cyber Fraud Data Leak Financial Scam Fraudulent Message User Security

Five Ways to Identify a Bank Fraud And Stay Safe

 

It is not unusual for your bank to try to contact you. However, some of those emails and phone calls are simply scammers taking advantage of your trust in your bank to scam you. In general, you should be extremely sceptical of any unexpected messages. 

Modus operandi

You receive a phone call claiming to be from your bank informing you of a problem with your account. This is typically used for security purposes, such as informing you when someone is unlawfully accessing your account or has stolen your identity. 

Their response is to ask you to transfer all funds to a safe account' while the problem is resolved. The problem is that no one is attempting to access your account, and you are sending money directly to the crooks. The funds are then moved swiftly to other accounts around the world. 

Additionally, bank transfer scams might be the most common telephone, or vishing, scam, but they are far from the only one. Others may attempt to gain remote control of your computer by claiming there is a problem with your internet connection or that you have a virus.

In reality, they use this time to install malware on your computer and steal your personal information. Another strategy is to claim you're eligible for a refund or compensation but have received too much. You will then be asked to return the difference. 

How to detect a scam  

Urgency:  Fraudulent mails can generate a sense of urgency or mislead you into acting quickly. They may warn you about account termination, blocking your ATM card, or missing out on a limited-time promotion. Be wary of messages that urge you to take immediate action. 

Sender information: Legitimate banks usually send messages from certain phone numbers or email addresses. Be wary of messages from unknown phones or addresses that use generic greetings such as "Dear Customer" instead of your name. 

Personal data: Real banks would never request critical information such as your password, CVV code, OTP (One Time Password), or entire account number over SMS or email. If a message prompts you to update or verify such information, do not answer and instead contact your bank immediately. 

Grammatical errors: Legitimate bank messages are usually well-written and formatted. Typos, grammatical errors, and unprofessional language can all be indicators of a fake message. 

Verify: If you are unsure regarding a message, always contact your bank immediately using their official contact information (phone number or website) to enquire about its legality.

Better safe than sorry

The Federal Trade Commission reports that last year, fraud cost consumers over $12.5 billion. You can take measures to make it difficult for a bad actor to leave with anything, even though it could be simple for them to contact you by email, text, or social media. It's wise to use caution when dealing with something as important as your finances.
Read more »
Malwares
Arcane Cyber Attacks Data Safety User Data data security Data Stealer Discord Infostealer Infostealer Malware Kaspersky Malwares

Arcane Malware Steals VPN, Gaming, and Messaging Credentials in New Cyber Threat

 

A newly identified malware strain, Arcane, is making headlines for its ability to steal a vast range of user data. This malicious software infiltrates systems to extract sensitive credentials from VPN services, gaming platforms, messaging apps, and web browsers. Since its emergence in late 2024, Arcane has undergone several modifications, increasing its effectiveness and expanding its reach. 

Unlike other cyber threats with long-established histories, Arcane is not linked to previous malware versions carrying a similar name. Analysts at Kaspersky have observed that the malware primarily affects users in Russia, Belarus, and Kazakhstan. This is an unusual pattern, as many Russian-based cybercriminal groups tend to avoid targeting their home region to steer clear of legal consequences. 

Additionally, communications linked to Arcane’s operators suggest that they are Russian-speaking, reinforcing its likely origin. The malware spreads through deceptive content on YouTube, where cybercriminals post videos promoting game cheats and cracked software. Viewers are enticed into downloading files that appear legitimate but contain hidden malware. Once opened, these files initiate a process that installs Arcane while simultaneously bypassing Windows security settings. 

This allows the malware to operate undetected, giving hackers access to private information. Prior to Arcane, the same group used a different infostealer known as VGS, a modified version of an older trojan. However, since November 2024, they have shifted to distributing Arcane, incorporating a new tool called ArcanaLoader. This fake installer claims to provide free access to premium game software but instead delivers the malware. 

It has been heavily marketed on YouTube and Discord, with its creators even offering financial incentives to content creators for promoting it. Arcane stands out because of its ability to extract detailed system data and compromise various applications. It collects hardware specifications, scans installed software, and retrieves login credentials from VPN clients, communication platforms, email services, gaming accounts, and cryptocurrency wallets. Additionally, the malware captures screenshots, which can expose confidential information visible on the victim’s screen. 

Though Arcane is currently targeting specific regions, its rapid evolution suggests it could soon expand to a broader audience. Cybersecurity experts warn that malware of this nature can lead to financial theft, identity fraud, and further cyberattacks. Once infected, victims must reset all passwords, secure compromised accounts, and ensure their systems are thoroughly cleaned. 

To reduce the risk of infection, users are advised to be cautious when downloading third-party software, especially from unverified sources. Game cheats and pirated programs often serve as delivery methods for malicious software, making them a significant security threat. Avoiding these downloads altogether is the safest approach to protecting personal information.
Read more »
Subscribe to: Posts (Atom)